Password Protection

I'm new to MicroPython and have a question about the best practices to passwords or certificates.

If I use a Pycom board as an HTTP or MQTT client, I need to put the password in the code or put the certificates in the board. Does that mean that anyone who has access to my board can open my .py files and read my password or download my certificates?